Notice of Pre-AIA  or AIA  Status
1.	The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .

Continued Examination Under 37 CFR 1.114
2.	A request for continued examination under 37 CFR 1.114, including the fee set forth in 37 CFR 1.17(e), was filed in this application after final rejection.  Since this application is eligible for continued examination under 37 CFR 1.114, and the fee set forth in 37 CFR 1.17(e) has been timely paid, the finality of the previous Office action has been withdrawn pursuant to 37 CFR 1.114.  Applicant's submission filed on 6/15/2021 has been entered.
 
Reasons for Allowance
3.	Claims 1, 18, 35 and 53-68 including all of the limitations of the base claim and any intervening claims are allowed.

Closest Prior Art:
U.S. Publication NO. 20150358248 para 0099 “In this context, it is to be noted that the term "instantiated" (or instantiation) means in the context of the following description, for example, that a virtual network function acting in a communication network in the virtualized network part (see e.g. FIG. 1), i.e. in the virtualization infrastructure, is set up, turned on, activated or made in some other manner available for other communication network elements or functions. On the other hand, the term 

U.S. Publication No. 20150333979 discloses on paragraph 0011 “In an aspect, a system might be utilized for invoking virtualized network functions. The system might comprise a programmable service backbone, at least one application programming interface, an application programming interface gateway, and virtualized service equipment. The programmable service backbone might comprise at least one virtualized network function, and might provide virtualized network functions required to provision a service offering. The at least one application programming interface might be configured to invoke the at least one virtualized network function of the programmable service backbone. The application programming interface gateway might be configured to manage access to the at least one application programming interface, and the application programming interface gateway might comprise a security layer. The virtualized service equipment might be in communication with the application programming interface gateway, and might provide authentication indicative of selected virtualized network functions associated with the service offering. The security layer might release an authorized subset of virtualized network functions of the at least one virtualized network function based on the authentication.”

U.S. Patent No. 9749294 on Col. 1 Line 37- Col. 2 Line 7 “In an embodiment, a system for establishing a trusted end-to-end communication link between different Network Functions Virtualization ("NFV") networks is disclosed. The system comprises a first server associated with a first NFV network, wherein the first server is configured to generate and send a first trust ticket establishing the security protocol for communicating with a first NFV network. The first server is further configured to generate and send a request to engage in communication with a second server associated with a second NFV network, and to send trusted data from the first NFV network. The first server is executing in a trusted security zone, wherein the trusted security zone provides hardware assisted security. The first server is further configured to disable communication with the first NFV network after the first trust ticket, request and trusted data are sent. The system further comprises a virtual machine executing in a trusted security zone stored on a first NFV network, wherein the virtual machine executes virtualized network functions, and a session border controller executing in a trusted security zone. The session border controller comprises a trust node and an application stored on the trust node, and is configured to receive the first trust ticket, request, and trusted data from the first server; transmit the first trust ticket and request to a second session border controller, wherein the second session border controller transmits the request and first trust ticket to a second server associated with a second NFV network, executing in a trusted security zone. The session border controller is further configured to receive a response to the communication request and second trust ticket from the second server, wherein the second trust ticket establishes the security protocol for communicating with the second NFV network, also executing in a trusted 

U.S. Publication No. 20170168690 discloses on paragraph 0071 “The VNF definition and onboarding level 802 includes a VNF catalog 808. The VNF catalog 808 contains a set of all available VNFs 810A-810N (collectively, VNFs 810). The VNFs 810 can additionally include one or more physical network functions ("PNFs"), which, from a framework software perspective, can be wrapped with interfaces that present the PNFs as VNFs. The VNFs 810 can provide fundamental network capabilities, some examples of which include, but are not limited to, firewalls, load balancers, routing elements, switching elements, combinations thereof, and the like. The VNFs 810 can support configurable attributes that affect behavior and characteristics of the VNFs 810. The VNFs 810 can conform to VNF packaging standards, including, for example, VNF recipes, VNF controller application programming interfaces ("APIs"), events, and formats. In order to improve the process of offer creation, the VNFs 810 can be packaged in a way that facilitates incorporation into one or more high-level service abstractions provided in the service design level 804, which will now be described.”

U.S. Patent No. 9811686 discloses on Col. 8 Lines 16-32 “In an embodiment, virtualized network functions 116 are implemented at least in part in a trusted security zone, as described above. The trusted security zone securely isolates data and processes used in the virtualized network functions 116 from access outside of the trusted security zone. Each virtual network function 116 may support one or more customers at a given time, with each customer operating in an individual virtual slice that is inaccessible to other customer's virtual slices. A network server 114, operating one or more virtualized network functions 116 in a trusted security zone, may be assigned all or in part to a customer such that substantially all operations of the customer take place in the trusted security zone, isolated from outside access. A trusted orchestrator 118 interfaces between the virtualized network functions 116 located inside the trusted security zone and the area outside of the trusted security zone.”

U.S. Publication No. 20170141974 discloses on paragraph 0004 “Methods, systems, and computer readable media for testing network function virtualization (NFV) are disclosed. According to one method, the method occurs at a network test controller implemented using at least one processor. The method includes determining, using network configuration information, a first insertion point for inserting a first network function tester (NFT) into a service chain comprising a plurality of virtualized network functions (VNFs). The method also includes configuring the first NFT to analyze or ignore traffic matching filtering information, wherein the traffic traverses the first NFT from at least one VNF of the plurality of VNFs. The method further includes inserting, at the first insertion point, the first NFT into the service chain.”

 	The following is an Examiner’s Statement of Reasons for Allowance: 
 	Claims 1, 18, 35 and 53-68 are allowable over prior art references taken individually or in combination fails to particularly disclose, fairly suggests or render 
 	Although the prior art discloses configuring virtualized network function based at least in part on network topology information accessible to an apparatus, no one or two references anticipates or obviously suggest to obtain a list of virtualized network functions at a security wrapping orchestration component within a cloud environment, wherein security wrapping protection is desired for the listed virtualized network functions.
Determining network interfaces relevant to providing a protection envelop enclosing the listed virtualized network functions based at least in part on network topology information accessible to the apparatus, wherein the network interfaces associated with the protection envelope are insertion points at which instantiations of security wrapping virtualized network functions would provide the listed virtualized network functions with security wrapping protection.
Furthermore, issuing a security instruction from the security wrapping orchestration component to a cloud orchestration component within the cloud environment, wherein the security instruction requests instantiation and insertion of security wrapping virtualized network functions for the determined network interfaces associated with the protection envelope and corresponding changes to traffic forwarding paths in conjunction with the insertion of the security wrapping virtualized network functions at the determined insertion points.


Conclusion
Any inquiry concerning this communication or earlier communications from the examiner should be directed to GARY S GRACIA whose telephone number is (571)270-5192.  The examiner can normally be reached on Monday-Friday 9am-6pm.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Ashok Patel can be reached on 5712723972.  The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system.  Status information for published applications may be obtained from either Private PAIR or Public PAIR.  Status information for unpublished applications is available through Private PAIR only.  For more information about the PAIR system, see https://ppair-my.uspto.gov/pair/PrivatePair. Should you have questions on access to the Private PAIR system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative or access to the automated information system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.